{"id":70813,"date":"2004-12-14T10:23:00","date_gmt":"2004-12-14T10:23:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2004\/12\/14\/how-can-i-rename-an-active-directory-group\/"},"modified":"2004-12-14T10:23:00","modified_gmt":"2004-12-14T10:23:00","slug":"how-can-i-rename-an-active-directory-group","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-rename-an-active-directory-group\/","title":{"rendered":"How Can I Rename an Active Directory Group?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I rename an Active Directory group?

— CL<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, CL. This is actually pretty easy; as you\u2019ll see, it only takes two lines of code. It\u2019s not a hard problem, it\u2019s just a little bit tricky. That\u2019s because ADSI (at least when it comes to dealing with Active Directory) does not have a Rename method. Instead, you need to use the MoveHere method to \u201cmove\u201d the account from its current ADsPath to a new ADsPath. The trick is that the new path differs in only one respect: the CN (common name). Giving the object a new CN effectively renames it.<\/P>\n

Confused? We don\u2019t blame you. So let\u2019s give you an example. Suppose we have a group with an ADsPath similar to this (remember, the ADsPath is the unique path that allows us to locate the object in Active Directory):<\/P>

LDAP:\/\/cn=FinAdmins, ou=Finance, dc=fabrikam, dc=com\n<\/PRE>\n
Notice that the CN for the group is FinAdmins. We\u2019d like<\/I> the CN for the group to be Finance Managers; in other words, we\u2019d like the ADsPath for the object to look like this:<\/P>
LDAP:\/\/cn=Finance Managers, ou=Finance, dc=fabrikam, dc=com\n<\/PRE>\n
We know what you\u2019re thinking, but Active Directory won\u2019t let us directly change the value of the CN attribute; that is, we can\u2019t use code like this to change the CN:<\/P>
objGroup.CN = “Finance Managers”\nobjGroup.SetInfo\n<\/PRE>\n
But that\u2019s all right; we\u2019ll just \u201cmove\u201d the group. The group started out with this ADsPath:<\/P>
LDAP:\/\/cn=FinAdmins, ou=Finance, dc=fabrikam, dc=com\n<\/PRE>\n
Now we\u2019re going to move it to this<\/I> ADsPath:<\/P>
LDAP:\/\/cn=Finance Managers, ou=Finance, dc=fabrikam, dc=com\n<\/PRE>\n
The group will still be in the Finance OU, and it will still have all its existing properties and members; it\u2019s the same group, it just has a new ADsPath, and a new CN. Yes, it\u2019s a little weird, but, hey, it works. And it\u2019s no different than using the Move command to rename a file. If you type this from the command prompt, it will rename the file C:\\Logs\\New.log to C:\\Logs\\Old.log:<\/P>
move c:\\logs\\new.log c:\\logs\\old.log\n<\/PRE>\n
Same idea.<\/P>\n
So what does the code actually look like to rename the group? It looks an awful lot like this:<\/P>
Set objDomain = GetObject(“LDAP:\/\/ou=finance, dc=fabrikam, dc=com”)\nobjDomain.MoveHere _\n     “LDAP:\/\/cn=FinAdmins,ou=Finance,dc=fabrikam,dc=com”, “cn=Finance Managers”\n<\/PRE>\n
Like we said, pretty easy. We bind to the Finance OU (the container where the group account resides), and then call the MoveHere method. We need to pass MoveHere two parameters: the ADsPath to the object we want to rename (LDAP:\/\/cn=FinAdmins,ou=Finance,dc=fabrikam,dc=com) , and then new CN for the object (cn=Finance Managers). That\u2019s it. Run the script, and the group will be renamed.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I rename an Active Directory group?— CL Hey, CL. This is actually pretty easy; as you\u2019ll see, it only takes two lines of code. It\u2019s not a hard problem, it\u2019s just a little bit tricky. That\u2019s because ADSI (at least when it comes to dealing with Active Directory) does not […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,44,3,5],"class_list":["post-70813","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-groups","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I rename an Active Directory group?— CL Hey, CL. This is actually pretty easy; as you\u2019ll see, it only takes two lines of code. It\u2019s not a hard problem, it\u2019s just a little bit tricky. That\u2019s because ADSI (at least when it comes to dealing with Active Directory) does not […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70813"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70813\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}